Attractive Orchid Chipmunk
High
The attacker will prevent any SetterFunction by calling MultiSign::executeSetterFunction before the admin calls it
The MultiSign::executeSetterFunction function is open to abuse because it is an external function that anyone can call once getSetterFunctionApproval(_function) >= requiredApprovals. An attacker could exploit this by repeatedly calling executeSetterFunction whenever a setter function is available to be executed.
The root cause of this issue lies in the design of the function:
- The function is external, meaning it can be called by anyone.
- When called, it checks getSetterFunctionApproval(_function) >= requiredApprovals, then changes approvedToUpdate from true to false. This occurs in a temporary state before the admin calls setter functions like Borrowing::setAPR.
- This creates a window of opportunity for a DoS attack.
- As a result, setter functions will always revert.
There must be a state with getSetterFunctionApproval(_function) >= requiredApprovals.
The attacker needs to monitor the contract to identify when getSetterFunctionApproval(_function) >= requiredApprovals. Then, they must execute MultiSign::executeSetterFunction before the admin calls setter functions such as Borrowing::setAPR.
- An attacker monitors the contract to detect when it reaches a getSetterFunctionApproval(_function) >= requiredApprovals state.
- As soon as this state is reached, the attacker calls the MultiSign::executeSetterFunction function.
This vulnerability allows a malicious actor to disrupt the entire system by preventing any set function from executing.
Add access control to MultiSign::executeSetterFunction.
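One way to apply this mitigation, as an added Solidity sketch that is not the project's code: executeSetterFunction accepts calls only from an allowlist of consuming contracts such as Borrowing, so no other account can use up the approvals. The allowlist (isConsumer), the uint8 function id, approveSetterFunction and the storage layout are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Simplified model for illustration. Names other than executeSetterFunction,
// getSetterFunctionApproval and requiredApprovals are assumed, as is the layout.
contract MultiSignModel {
    uint256 public immutable requiredApprovals;
    address[] private owners;
    mapping(address => bool) public isOwner;
    mapping(address => bool) public isConsumer; // hypothetical allowlist, e.g. Borrowing
    mapping(uint8 => mapping(address => bool)) private approved; // functionId => owner => vote

    error NotOwner();
    error NotConsumer();

    constructor(address[] memory _owners, address[] memory _consumers, uint256 _required) {
        require(_required > 0 && _required <= _owners.length, "bad threshold");
        owners = _owners;
        requiredApprovals = _required;
        for (uint256 i = 0; i < _owners.length; ++i) {
            require(!isOwner[_owners[i]], "duplicate owner"); // duplicates would count twice
            isOwner[_owners[i]] = true;
        }
        for (uint256 i = 0; i < _consumers.length; ++i) isConsumer[_consumers[i]] = true;
    }

    function approveSetterFunction(uint8 _function) external {
        if (!isOwner[msg.sender]) revert NotOwner();
        approved[_function][msg.sender] = true;
    }

    function getSetterFunctionApproval(uint8 _function) public view returns (uint256 count) {
        for (uint256 i = 0; i < owners.length; ++i) {
            if (approved[_function][owners[i]]) ++count;
        }
    }

    // Consumes the approvals for one setter call. The caller check is the fix:
    // without it, any account can consume them first and the admin's setter reverts.
    function executeSetterFunction(uint8 _function) external returns (bool) {
        if (!isConsumer[msg.sender]) revert NotConsumer();
        if (getSetterFunctionApproval(_function) < requiredApprovals) return false;
        for (uint256 i = 0; i < owners.length; ++i) {
            approved[_function][owners[i]] = false; // reset so each approval is single-use
        }
        return true;
    }
}
```

In this model a consuming setter would wrap the call in a require, so a call from any non-allowlisted address reverts with NotConsumer and leaves the approvals intact for the admin's transaction.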